CAS-003 Exam Questions
947 real CAS-003 exam questions with expert-verified answers and explanations. Page 6 of 19.
- Question #258Enterprise Security Architecture
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ's headquarters. Which of the following BEST prevents Company XYZ...
VDIthird-party access controlremote access securityprivileged access - Question #259Risk Management
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective co...
security policysocial media riskbusiness communicationpolicy compliance - Question #260Risk Management
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet t...
risk exceptionlegacy systemssecurity policyrisk acceptance - Question #261Technical Integration of Enterprise Security
An administrator is tasked with securing several website domains on a web server. The to secure those domains with a single issued certificate?
SAN certificatePKITLS/SSLmulti-domain certificate - Question #262Enterprise Security Operations
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not bein...
compensating controlspatch managementnetwork segmentationvulnerability management - Question #263Enterprise Security Operations
A security tester is testing a website and performs the following manual query: The following response is received in the payload: "ORA-000001: SQL command not properly ended" Whic...
fingerprintinginformation disclosureweb application securitySQL error messages - Question #264Enterprise Security Architecture
ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM ad...
virtualization securityaccess controlsecurity zoneshypervisor - Question #265Technical Integration of Enterprise Security
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are...
HOTPHMACtoken-based authenticationmulti-factor authentication - Question #266Technical Integration of Enterprise Security
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. W...
NTLMv2CIFS/SMBWindows-Unix integrationauthentication protocols - Question #267Risk Management
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following...
job rotationfraud preventioninsider threatseparation of duties - Question #268Enterprise Security Operations
A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting web...
content filteringdrive-by downloadsmalware protectionweb security gateway - Question #269Enterprise Security Operations
A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the...
SCAPcompliance scanningendpoint configurationsecurity assessment tools - Question #270Risk Management
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As par...
quantitative risk assessmentexposure factorrisk prioritizationrisk treatment - Question #271Enterprise Security Architecture
A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administ...
network segmentationDMZ architecturefirewall zonesweb application hosting - Question #272Risk Management
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store...
data sanitizationmedia disposaldata handling policydata remnants - Question #273Technical Integration of Enterprise Security
Which of the following is an example of single sign-on?
single sign-onfederated identityauthenticationweb access control - Question #274Enterprise Security Architecture
Which of the following BEST describes the implications of placing an IDS device inside or outside of the corporate firewall?
IDS placementnetwork security monitoringfirewall architectureintrusion detection - Question #275Risk Management
Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the followi...
risk treatmentrisk management frameworkSCADA securitycontrols assessment - Question #276Risk Management
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function wi...
business impact analysisrisk transferrisk treatmentbudget constraints - Question #277Enterprise Security Operations
Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represe...
mobile securityjailbreakingprivilege escalationphysical attack - Question #278Risk Management
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in qu...
security policyMOUgovernancecompliance - Question #279Risk Management
A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus h...
wireless network designrisk acceptanceWLANnetwork architecture - Question #280Technical Integration of Enterprise Security
In a SPML exchange, which of the following BEST describes the three primary roles?
SPMLidentity provisioningrequest authorityPSP - Question #281Enterprise Security Architecture
The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is...
firewall clusteringstateful inspectionhigh availabilityasymmetric routing - Question #282Enterprise Security Operations
Which of the following types of attacks is the user attempting? select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson
SQL injectioninjection attacksinput validationweb application security - Question #283Enterprise Security Operations
Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the inves...
digital forensicsincident responseevidence collectionforensic process order - Question #284Enterprise Security Architecture
A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator...
Bluetooth securityRF emanationwireless communicationsphysical security - Question #285Risk Management
A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, to...
vendor diversitysingle point of failurevendor lock-inrisk management - Question #286Research, Development and Collaboration
A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of...
SDLCsecure developmentagile methodologysecurity testing - Question #287Enterprise Security Operations
The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST a...
change managementfirewall managementIT governancecommunication - Question #288Technical Integration of Enterprise Security
An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might...
RFIDasset trackingdata encryption in transitIoT security - Question #289Enterprise Security Operations
Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommi...
data sanitizationSAN storagedata remnantsdecommissioning - Question #290Risk Management
The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be...
IT governancechange managementrisk registersecurity policy - Question #292Research, Development and Collaboration
A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been makin...
static code analysissecure codingagile developmentunit testing - Question #294Research, Development and Collaboration
Given the code snippet below: Which of the following vulnerability types in the MOST concerning?
buffer overflowmemory corruptioncode vulnerability analysissecure coding - Question #295Risk Management
To meet a SLA, which of the following document should be drafted, defining the company's internal interdependent unit responsibilities and delivery timelines.
OLASLAservice level agreementsIT governance - Question #296Enterprise Security Operations
A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The ana...
SQL injectionweb application securitylog analysisattack identification - Question #297Risk Management
An organization has established the following controls matrix: The following control sets have been defined by the organization and are applied in aggregate fashion: Systems contai...
data classificationsecurity controls selectionPII protectioncompliance controls - Question #298Enterprise Security Architecture
A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More...
TLS inspectionnetwork capacity planningSSL decryptionproxy architecture - Question #299Risk Management
A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before th...
lessons learnedprocess improvementpost-incident reviewproject management - Question #300Enterprise Security Operations
A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access fil...
patch managementfirmware updatesendpoint protectionvulnerability remediation - Question #301Enterprise Security Architecture
A network engineer is attempting to design-in resiliency characteristics for an enterprise network's VPN services. If the engineer wants to help ensure some resilience against zero...
VPN resiliencezero-day mitigationcryptographic diversitynetwork architecture - Question #302Enterprise Security Operations
An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to t...
password crackinghash analysiscredential auditingnetwork security - Question #303Enterprise Security Operations
A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to se...
system hardeningconfiguration baselinesCVE databasesecurity guides - Question #304Enterprise Security Operations
A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client dat...
access control listsdata access policiesfile system permissionssecurity assessment - Question #305Technical Integration of Enterprise Security
Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them...
CASBshadow ITcloud storage governancedata control - Question #306Risk Management
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source record...
legal holde-discoverydata retentionrecords management - Question #308Risk Management
The legal department has required that all traffic to and from a company's cloud-based word processing and email system is logged. To meet this requirement, the Chief Information S...
TLS inspectionuser privacylog managementcloud data exposure - Question #309Enterprise Security Operations
A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessmen...
passive reconnaissanceOSINTWhoisinformation gathering - Question #310Enterprise Security Operations
A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attack...
insider threatPII breachDLPvulnerability remediation